Computers and computer networks are constantly threatened by malware such as computer viruses, worms, keyloggers, Trojans, and other damaging executable software. Oftentimes, the malware is received by a computer network in the form of an executable software application as a download, update or the like and may infect and damage servers, computing devices, and other electronic devices and software that are electronically coupled to the computer network. The malware can infect any computing device that is internally or externally coupled to the computer network. Such malware causes significant damage to the servers, computing devices, and other electronic devices and results in expensive and time-consuming repairs.
The malware may be detected by anti-virus software, scanning software, and other software tools that analyze an executable software application to determine whether it is malware. Many executable software applications that contain malware, or are suspected to contain malware, carry a signature that is detected by the anti-virus software, scanning software, or other network security/protection tools. The malware signatures may be static or dynamic and may be used to block the malware from the computer network. The malware signature may also be used to identify the source of the malware.
Many current methods and systems of monitoring executable software for malware are performed on a manual basis, which may be time-consuming and provide moderate levels of accuracy. Further, many current methods and systems of detecting malware update a computer network on a periodic basis, such as once per week. The window between updates creates a security risk: a dynamic malware signature may change during that window, and the anti-virus software, scanning software, and the like may then fail to identify the malware as a risk. Further, malware having a dynamic signature morphs its signature, preventing the anti-virus software from determining the source of the malware. Some malware may not be easily or quickly neutralized and may need to be manually cleaned, which is also very time-consuming, expensive, and risky. Such malware may cause damage to the computer network before a solution is implemented.
Therefore, a system and method for monitoring executable software for malware is needed that is efficient, capable of identifying morphing malware signatures, and capable of determining the source of the malware. Further, a system and method for monitoring executable software is needed that may neutralize and block a source of malware and may prevent the malware from causing damage to the computer network.